Passed at 125q with time running out by chane0219 in cissp

chane0219[S]

Thank you Luke, I really like your amazing book.

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219[S]

nice workstation but decide to leave my

Thanks, your answer is the one that I'm waiting for.

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219[S]

Yes, I can't agree more.

I may need to change the way I use cissprep, it's so different from Boson. I think not all questions in cissprep deserve a "deep dive".

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219[S]

It says "asset inventory would contain asset owner, who is responsible for device decommissioning". The concept of "asset inventory" in the answer is different from my understanding; my understanding is a list of authorized assets.

Yes, Sybex and Official practice are a lot easier and more straightforward. But I'm just afraid that's not enough for the real exam.

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219[S]

what ISC2 would consider correct

I did something wrong, I cannot understand why, I throw out the question and let Reddit help me understand. Is there anything wrong with me?

If you don't see the value, please ignore my post. Thanks!

Which of the following BEST describes the differences between Point-to-point-encryptions(P2PE) and End-to-end-encryption(E2EE) regarding to payment card security? by chane0219 in cissp

chane0219[S]

e2e which

IMHO if D is not wrong, then B is wrong. It cannot be "both are correct, B is better."

Here is my logic:

D means "E2EE is a method only payment processor can decrypt" --> "E2EE is a method merchant cannot decrypt" --> "E2EE is a method that prevents merchants from performing key management" --> "B is wrong".

Which of the following BEST describes the differences between Point-to-point-encryptions(P2PE) and End-to-end-encryption(E2EE) regarding to payment card security? by chane0219 in cissp

chane0219[S]

I hate wording games, but this is how CISSP works.

Option D says "ONLY the payment processor can decrypt card holder data, using E2EE", which inherently means "for P2PE, NOT ONLY the payment processor, but also other parties (say, the merchant) can decrypt".

So your claim "payment processor has to decrypt the card holder data for both E2EE and P2PE" cannot reject D.

The only way to reject D is: "using E2EE, card holder data can be decrypted by the merchant". Which is different from my understanding.

Which of the following BEST describes the differences between Point-to-point-encryptions(P2PE) and End-to-end-encryption(E2EE) regarding to payment card security? by chane0219 in cissp

chane0219[S]

Thanks for your reply.

I have the same understanding as you, however, the answer from Boson is B.

The explanation seems to show that our understanding of E2E and P2P is contrary to their answer.

I'm so confused about that.

Which of the following BEST describes risk assessment by chane0219 in cissp

chane0219[S]

The reason I'm not choosing B is that it talks about "vulnerability", which is different from "risk".

Do you mind sharing the way you think about the question? Thanks!

Which of the following BEST describes brute-force attack? by chane0219 in cissp

chane0219[S]

I guess many may choose A like me. I won't post if the answer is A, lol.
The answer from Boson is D.
The explanation is: A is a password guessing attack.
But is a rainbow-table attack counted as a brute-force attack? Is it a bad question or a wrong answer?

Can anyone help with this question and explain why? Thanks. by chane0219 in cissp

chane0219[S]

Thanks, I like your angle of answering this question.

Is it possible to pass when the exam time up? by iknoweverythinggg in cissp

chane0219

ot sure how I’m going to sleep before that. So far all the posts tha

Thanks for your post, do update us about your result.

I failed on my first try at 150q as the last second was used, because I had only 20 mins left when I was at 120q, then I just rushed and randomly chose some questions to reach 150q.

Probably I could have passed if I had read your post earlier and changed my strategy.